A conversation about security

April 2013 Cyber Security

Craig Rosewarne
Craig Rosewarne

The person who is probably most in touch with the state of information security in South Africa is Craig Rosewarne, MD of Wolfpack Information Risk and founder and chairperson of the Information Security Group of Africa (ISGA). Rosewarne deals with both private and public organisations in his efforts to increase their level of information security awareness and preparedness.

And while he says the awareness is growing, he still comes across situations where organisations are poorly prepared to deal with the current wave of cyber crime, never mind what the future holds. The publication Wolfpack brought out past year, The South African Cyber Threat Barometer estimates that R2.65 billion was lost to cyber crime in the period from January 2011 to August 2012, with just over R660 million that was not recovered. The publication is downloadable at www.securitysa.com/*infosec5.

And that is not considering the other cyber crimes, such as cyber espionage faced on a national level, and the theft of intellectual property and business strategy that has been widely publicised of late in the USA. As the article introducing this section notes, South African companies and the government are naïve if they think the cyber villains are going to pass this country by.

One of the greatest flaws in South Africa is a lack of a response mechanism to cyber attacks. We have a few private companies that can initiate a response to a commercial attack, but no national organisation to deal with the threat and despite previous talk of developing a CERT (Computer Emergency Readiness Team) for the country, it seems this has been put on the back burner.

Rosewarne is also a concerned about the lack of security skills in South Africa, both in the private and public sectors and is looking for ways in which business can work together to overcome this problem. He has already been instrumental in promoting SANS training and certifications on the continent. He admits, however, that much more is needed.

RSA 2013 Conference

Rosewarne attended the recent RSA conference and gave Hi-Tech Security Solutions a few pointers on what was discussed. The conference was attended by over 27 000 people and featured over 250 talks, giving the attendees over 20 tracks per session to choose from.

In facing the information security threats the world is threatened by, the conference highlighted the following key themes, among others:

* Big data analytics has arrived. Arthur Coviello, RSA executive chairman, said, “Caesar recognised the omens, he just did not think they applied to him. Big technology data is here – embrace it.”

* Ensure you implement and test incident response capabilities.

* Develop deep technical information security skills.

* Obtain threat intelligence from as many sources as you can.

* Focus less on ‘tick-box’ assessments and put more effort into implementation.

* Establish multiple internal and external partnerships.

Notable notes

Among the notable presentations, Rosewarne highlighted a few that stood out, although he notes that they were all well worth listening to.

Ari Juels from RSA moderated a cryptographer’s panel with some well-known gurus in the field, including Ron Rivest, Whitfield Diffie, Adi Shamir and Dan Boneh. One of the topics discussed was security and cryptography education. Stanford offers their crypto class online via massive open online courses (MOOC). Its last intake was over 150 000 students with the largest registrations after the USA being China and India.

According to these experts, cryptography as a discipline is under strain and strangely becoming less relevant today. This is because intelligence agencies are often able to bypass encryption and APTs, sometimes buried within networks for years, simply have to wait for a key to be used in the decryption stage and they are in.

A panel discussion on the CSIS 20 Critical Security Controls discussed a new standard of due care for cyber security. “The Twenty Critical Security Controls have already begun to transform security in government agencies and other large enterprises by focusing their spending on the key controls that block known attacks and find the ones that get through.” (Source: http://www.sans.org/critical-security-controls.)

On the panel, Ed Skoudis said, “we ran an exercise of analysing all the large scale breach cases we have investigated. After mapping them to the 20 controls we are confident that had the companies implemented the controls these breaches would have been prevented.”

Of course, most companies do not have the 20 controls in place and are still suffering breaches. When looking at enterprise impact investigations, the consensus is that many companies do not conduct a thorough investigation following a breach. If systems are not reviewed in detail and the threats mitigated, they will return. Regulators have also changed their attitudes regarding investigations and insist that more detailed reviews take place.

Finally, although there was much more to see and hear at the conference, Rosewarne ends with a list of which functions should be part of a crisis management team.

* An experienced public relations firm.

* Legal experts.

* Board involvement needed to support and respond.

* Intelligence gathering analysts.

* Incident response professionals.

* Forensic investigators.

* Malware analysts.

* Network traffic monitoring staff.

* Data analysis service, and

* Breach notification management and business support teams.

These types of services are seldom offered by one company, therefore ensure you have the necessary partnerships in place before an incident happens, advises Rosewarne.


Share this article:
Share via emailShare via LinkedInPrint this page

Further reading:

Cyber resilience is more than cybersecurity
Technews Publishing Cyber Security Integrated Solutions IT infrastructure
Hi-Tech Security Solutions held a round-table discussion focusing on cyber resilience and found that while the resilience discipline includes cybersecurity, it also goes much further.

Defining the resilience of cybersecurity
Cyber Security Security Services & Risk Management
Cyber resilience is less buzzword and more critical business strategy as the cybercrime landscape grows in intent and intensity.

From the editor's desk: Security and resilience
Technews Publishing News
It’s often said that South Africans are a resilient bunch, and history has proven this correct. When it comes to security, both cyber and physical, resilience is key to an effective defensive plan. ...

Hikvision aims for solutions
Technews Publishing Hikvision South Africa Editor's Choice CCTV, Surveillance & Remote Monitoring News Integrated Solutions Conferences & Events
Hikvision recently held a roadshow titled Industry X, where the company highlighted its latest products and solutions, supported by partners and distributors.

ADI Expo returns to South Africa
Technews Publishing ADI Global Distribution News
September saw the return of the ADI Expo to South Africa. The Johannesburg event was held at the Focus Rooms and the Durban event, two days later, at the Southern Sun Elangeni & Maharani.

Technoswitch Awards dinner for 2022
Technews Publishing News Fire & Safety
Technoswitch hosted its fifth awards dinner at Montecasino in September, where customers and suppliers celebrated a year of success.

Reliable, low-maintenance video appliances
Technews Publishing Editor's Choice CCTV, Surveillance & Remote Monitoring News IT infrastructure Products
Symetrix, part of the Agera Group, has added the AES range of video recording servers, storage appliances and workstations to its portfolio.

How to stay cybersafe on business trips
Cyber Security
No matter where you are in the world, tech-savvy criminals are looking for ways to exploit email addresses, social media profiles, passwords, financial data and stored files.

Resilience is a collaborative effort
Technews Publishing Editor's Choice
Cyber resilience is not an ‘IT thing’; Wayne Olsen says it is an enterprise-wide risk strategy that involves collaboration, lots of collaboration.

The challenge of data safety and availability
Technews Publishing Editor's Choice Cyber Security
Veeam offers backup and recovery software that presents the user with one interface to manage backups to and from almost any platform.